Space Shuttle Challenger Disaster

Author: Nora Lewis

Suggested Citation:

Lewis, N. (2026). Space Shuttle Challenger disaster. Technology Assessment Project Case Study Library, University of Michigan. https://stpp.fordschool.umich.edu/tap-case-study-library/space-shuttle-…

The Space Shuttle Challenger Disaster

Key Takeaways

• The imperfect communication and flawed internal culture of tech development spaces may hinder the safety and effectiveness of technologies, particularly "high risk" technologies.
• Organizations with high internal and public expectations for innovation may be driven to develop tech that is unsafe for humans and the environment.
• Additionally, the acclimation to and acceptance of risk in these spaces may drive more lenient safety regulations that produce riskier technology.

The Challenger Disaster

On January 28, 1986, almost two decades after the United States landed on the moon, NASA's Challenger space shuttle exploded 73 seconds into its flight. The explosion killed all seven crew members aboard and stunned millions around the world who watched the craft descend into flames on live television. The Challenger launch had gained widespread attention for its concurrent "Teacher in Space" program, which arranged for a highschool teacher from New Hampshire, Christa McAuliffe, to fly alongside NASA astronauts into orbit (NASA, n.d.). The program was introduced under the Reagan administration in 1984 to spur interest in math, science, and space exploration among American students, and resulted in the much-awaited Challenger launch being shown live in many schools across the country.

As the United States tried to make sense of what had happened, details emerged that the craft's solid rocket booster (SRB) had undergone substantial gas leakage upon launch (Starbuck & Milliken, 1988). The SRB's O-rings, or rubber rings used to seal the rocket booster's joints and prevent gas from leaking between parts, were badly burned after takeoff. The ambient temperature during launch was an uncharacteristically cold 28 degrees Fahrenheit, 15 degrees cooler than the lowest temperature the shuttle had ever been tested at prior (Starbuck & Milliken, 1988). Soon news emerged that the O-ring malfunctions and unfavorable weather conditions had not been a one-off technical difficulty, but a persistent problem throughout the shuttle's development process. Despite knowledge that the Challenger's O-rings were suffering frequent gas blowby several years before its fateful 1986 launch, NASA managers and engineers, as well as personnel at the contracted engineering firm Thiokol, who designed and produced the O-rings, the project persisted (Presidential Commission on the Space Shuttle Challenger Accident, 1986). President Reagan ordered a report to be issued to investigate the disaster, known as the Rogers Commission Report, which gathered massive amounts of interview and flight data from NASA and Thiokol. The report and its contents cast a harsh light on the decisionmaking and safety culture at NASA, concluding that the disaster was an "accident rooted in history" (Presidential Commission, 1986). Today, the Challenger disaster stands as a stark example of a technological agency entrenched with tacit error and mismanagement, errors which snowballed into catastrophe.

Accepting and Conceptualizing Risk

The "acceptable risks" that Wear alludes to were normalized early on in the Challenger's development process. NASA's response to these risks was deeply informed by precedent, where formalized systems for measuring risk such as their four-level Flight Readiness Review, failed to denote O-ring blow-by as a reason to halt the shuttle's launch. In 1985, a "launch constraint" was even issued by NASA managers following continual O-ring erosion, but the constraint was met with a waiver from SRB project manager Lawrence Mulloy (Presidential Commission, 1986). In the Roger Commission Report, this fact was met with disbelief and outrage from commission members, who interpreted Mulloy's decision as an outright disregard for the problem rather than an established pathway for dealing with technical flaws at NASA. A launch constraint, despite what many Commission members seemed to think, simply means that certain components of a design must undergo extra review before launch (Starbuck & Milliken, 1988). A launch constraint being issued alone cannot halt flight, but instead requires an engineer to assess the nature of the constraint and determine whether it could be seriously detrimental to a launch. If the review deems the problem sufficiently dealt with (or "acceptable," to borrow the vernacular of NASA managers), then the flight is permitted to launch (Starbuck & Milliken, 1988). Mulloy's waiver, though in hindsight ill-advised, was not an uncommon response to a launch constraint within the organization, and signified that standard agency safety procedures had been followed up until that point.

Even when information on the leaks was transmitted across leadership levels, the interpretation of the O-ring's inherent riskiness remained largely uniform among officials: sure, it was an obstacle, but not one that needed to hamper $3 billion-worth of designs and planning.

It was standard for NASA and Thiokol engineers to encounter risks and flaws in their designs, particularly when working on such large and technically-dense projects. The idea of a persistent "acceptable risk" may seem foreign to those outside NASA, but for the agency's intrepid engineers and managers, it merely meant that precedent had been followed within their safety paradigm and they could continue pushing on (Starbuck & Milliken, 1988).

Organizational Failures

Flawed and Incremental Judgement

Though a decade of test data had shown periodical defects in the Thiokol O-rings, neither NASA nor their supplier ever addressed these concerns in full. When it was discovered in a 1977 test that unexpected rotations in the rings would cause decompression instead of compression when sealing joints, NASA engineers asked Thiokol engineers to redesign the shuttle's joints (Vaughan, 2004). Instead of redesigning the joints, the Thiokol engineers thickened the diameter of the O-rings and the shims, or spacers used to apply pressure to the O-rings from the outside. After making these adjustments, NASA specialists deemed the "safety factors to be adequate" and joints "sufficiently verified with the testing accomplished to date," in 1980, reporting these findings to a high-level review committee (Presidential Commission, 1986). When an O-ring was eroded by hot gas during a test in November 1981, NASA employees did not bring up the event at the following flight-readiness review, nor did they report the erosion to higher management. A similar event occurred in 1983 during a full-scale shuttle test. By 1984, NASA and Thiokol engineers finally reviewed the O-ring malfunctions more thoroughly, ultimately reaching the conclusion that the O-rings would still seal even if eroded as much as 0.095 inches, where computer analysis had predicted the primary O-rings to erode 0.090 inches at most (Presidential Commission, 1986). A formal report on the investigation found that "this [O-ring erosion] is not a constraint to future launches," and the problem was once again sequestered to the background, never fully disappearing in iterative tests (Presidential Commission, 1986). When NASA's second-in-command, Hans Mark, asked the SRB teams at NASA and Thiokol to submit a written report on joint sealing later on that same year, the tests were never carried out and a report never generated (Presidential Commission, 1986).

The role that procedure played in the Challenger disaster cannot be understated. One clear instance of this can be seen on the eve of launch, when several Thiokol engineers expressed at a teleconference with NASA that they didn't believe the launch should occur at temperatures below 53 degrees Fahrenheit. Lawrence Mulloy, the SRB Manager at NASA, stated "My God, Thiokol, when do you want me to launch, next April?" (Presidential Commission, 1986). He continued, "... there are currently no Launch Commit Criteria for joint temperature. What you are proposing to do is generate a new Launch Commit Criteria on the eve of launch, after we have successfully flown with the existing Launch Commit Criteria 24 previous times" (Presidential Commission, 1986). Mulloy's statements seem negligent, yet his misgivings about altering the much-venerated procedures set in place at NASA are not out of place within the organization. For whatever reason, joint temperature was not a formal component of launch criteria, and thus the engineers' concerns did not and could not register as a real obstacle to NASA's mission in the eyes of officials. It didn't matter if weather reports predicted blisteringly cold temperatures (temperatures more than 15 degrees below those seen in the Challenger's 24 previous flight tests); joint temperature was not enshrined in the rulebooks, and therefore would mean calamitous conflict and a departure from all NASA precedent if held as a factor for halting launch (Presidential Commission, 1986). The 24 successful flights that Mulloy references underpin the centrality of past successes to NASA's "keep chugging along" frame of mind. If the Challenger launch, highly publicized and a symbol of the organization's comeback, were to be changed at the last minute, it might endanger this glossy past of technical supremacy and can-do attitude.

Though the severity and frequency of O-ring erosion had continued to increase leading up to launch, this had not been a topic of conversation among high-level NASA and Thiokol personnel until the eve of the launch. The problem had been known about and documented for several years, seemingly passing through all existing safety proceedings. Even five days before the Challenger's launch, administrators had noted that the "problem [O-ring erosion] is considered closed" (Presidential Commission, 1986). Buried beneath internal jargon, precedent, and layers of flight readiness reviews, O-ring erosion remained pervasive. As sociologist Diane Vaughan put it: "One is reminded of Gregory Bateson's metaphor about a frog in hot water: a frog dropped into a pot of cold water will remain there calmly while the water is gradually heated to a boil, but a frog dropped into hot water will leap out instantaneously" (Vaughan, 2004).

NASA's tendency to overlook the O-ring problem did not happen overnight, but was a product of many instances of subtle acclimation to risk. These instances of risk were dispersed over many years and did not have instantly disastrous effects, meaning that general conceptions of the O-ring's riskiness failed to create as clear an occasion for urgent action as a major explosion might. The distinct and well-established procedures for assessing and dealing with risk at NASA aimed to stay in flow with continuous and simultaneous testing and tinkering, rather than seeking to open up pathways for halting productivity altogether in the name of safety. Mulloy's decision to disregard the joint temperature concerns of Thiokol engineers was a protraction of NASA's slowly heating pot, where strict abidance of precedent and an aim to do the impossible had been simmering for decades.

Conflicting Interests Across Stakeholders and Imperfect Communication

Beyond oversight embedded in NASA's internal procedures, imperfect communication between stakeholders also represented a key concern leading up to launch. From Thiokol engineers who chose not to heed NASA's request to alter O-ring and joint designs, instead doubling the number of rings on rocket joints, to a lack of transparency on O-ring design flaws to the United States Air Force, a potential customer for NASA's heavy-lift launching air crafts and current collaborator, there were several vectors of disconnect between interested parties in the process (Presidential Commission, 1986). There was also the vertical hierarchy of leadership within NASA and Thiokol that often made the transfer of information about launch risks imperfect. The aforementioned teleconference between the two organizations illuminated an instance in which engineers brought very real technical concerns to the table, but were ultimately overruled by their managers to keep operations running as planned. It would be an oversimplification to assign NASA and Thiokol engineers the role of heroic purveyors of quality and safety against the efficiency- and cost-oriented managers, yet their alternate spheres of work undoubtedly made the communication of technical problems and their coinciding administrative responses disjointed across these differing levels of leadership. Though this division of labor is by no means distinct to NASA, the high-stakes operations of the organization meant that run-of-the-mill miscommunications could have deadly consequences. The large flow of technical information condensed from engineers to managers also meant that certain problems, especially those that had been dealt with via NASA procedure like O-ring erosion, lost potency and visibility in higher-level decisionmaking spaces (Starbuck & Milliken, 1988).

Another less obvious dynamic at play is the disconnect between crew members aboard the Challenger and the developers and managers of the technology itself. The crew did not have agency over the decision to launch (or perhaps the same knowledge of temperature implications on their safety) despite having the most at stake if something went awry. When NASA officials authorized the launch for January 28, they had been reminded with impassioned urgency just the night before of the large risks associated with launching in freezing temperatures. The momentum of the project and all its political baggage were in contention with the safety of its crew, who resided in yet another sphere from the engineering and managing sectors of the Challenger. It is clear that the managers' conceptualizations of risk and weighing of what might be reaped versus lost from a canceled launch existed in a different plane than that of crew members.

Technology as Fulfillment of Public Expectations

NASA's lineage of groundbreaking engineering feats instilled an attitude of invincibility among its employees, an imagined invincibility that pushed even troubling technical problems to the wayside. Those at NASA had trust in the processes that had led them to do the unimaginable decades prior, attributing past successes to the unflappable spirit and capabilities of their employees. With each project that followed, NASA teams had grown to trust the judgment of leadership perhaps more steadfastly, even when cracks began to show in their designs along the way. It wasn't a blind trust as much as it was viewed as a well-earned trust in NASA's methods, confidence which created complacency and an unwillingness to adjust the rules even when novel problems arose. Coupled with valued, tried-and-true safety tests that tended to deem incessant problems "closed" and "acceptable," it's not hard to understand why O-ring erosion failed to be more of a sticking point during development. In the words of organizational scientists Bill Starbuck and Frances Milliken on the Challenger disaster, "Success breeds confidence and fantasy" (Starbuck & Milliken, 1988). By the 1980s, NASA's fantasy was for a new era of operational technology and its "Space Transportation System," reusable aircrafts which could bring people and cargo into space and back (Presidential Committee, 1986). Though this technology was mainly used by astronauts for research purposes in later decades, there were some hopes that the reusable crafts could pave the way for non-exploratory space travel in the future. A departure from the Space Race's emphasis on scientific exploration, this new era painted perhaps a less exclusionary notion of space travel (or at least sought to in theory).

The Teacher in Space program illustrates this growing tendency best, where the magic of space travel was not solely limited to astronauts and their unique expertise (NASA, n.d.). Yet it was this program that made the Challenger mission a more public-facing project, a factor which placed further pressure on NASA leadership to actually deliver on the launch when they said they would. One Thiokol executive, Allan McDonald, later reflected on the infamous launch-eve teleconference that the data backed up concerns over joint temperature, but politics and pressures ultimately caused Thiokol and NASA to OK the mission anyway (Berkes, 2016). An added layer to the narrative came from NASA's shrinking budget in the wake of the Space Race. At its height, the organization's budget sat at over $34 billion in 1965, while by 1980, this number had fallen to roughly $15 billion (Roberts, 2022). The momentum of the Space Race and its concurrent cash flow produced a much different context for the Challenger than Apollo 11, meaning that NASA had to prove themselves worthy of money and attention again. The organization's operations were facing cost overruns and less testing hardware and quality-assurance staff, a situation which gave NASA less capacity to conduct thorough safety assessments but a greater pressure to reaffirm their competence (Starbuck & Milliken, 1988). The "politics" and "pressures" that McDonald alluded to are ultimately reflected in NASA's budgetary reports.

Assigning Blame in the Wake of Disaster

Broader reactions to the Challenger explosion fall in line with age-old narratives about human culpability in the wake of disaster. Often after a disaster has occurred we're left searching for answers as to what (or who) might be responsible for begetting such chaos. In the case of events like the Chernobyl meltdown, for example, the answer to these ponderings came partially from assigned blame to human error (Richardson, 1994). It was not solely the technology, but more widely-held the people operating the technology, that stoked the flames of disaster, acting as a testament to the follies and limitations of human judgment. After the Challenger launch went awry, the Reagan administration swiftly ordered an investigation into the accident from the newly-formed Rogers Commission, a committee consisting of high-profile politicians, scientists, and former astronauts such as Neil Armstrong and Sally Ride. The ensuing report from the Commission was published in June of 1986, and outlined human oversight and a culture of risk acceptance at NASA as the main causes of the disaster (Presidential Commission, 1986). In particular, the vast array of interviews conducted with NASA and Thiokol officials and engineers painted a picture of negligent human action from project managers as a principal force behind the explosion. These conclusions helped to make sense of the event, where figures like Mulloy were an easier target than the more existential flaws that plague high-stakes technological projects.

Though NASA's internal decisionmaking was certainly critiqued more broadly in the report, the apparently wanton disregard of NASA managers was a theme throughout proceedings (Presidential Commission, 1986). The Commission found that managers had committed misconduct in the development process, in some cases through misleading summarizations of NASA documents. In one instance, the report stated that a NASA technician had written that the shuttle's booster design was "unacceptable" (Presidential Commission, 1986). In reality, the 1977 memo states that no change to the present booster design was "unacceptable," alluding to the need for tinkering down the line, not damning the project's feasibility on the whole (Vaughan, 2004). In a 1985 memo, one contracted engineer wrote that the flawed booster design could lead to "catastrophe" if not changed, another point that the Commission's report interpreted outside the context of NASA. The meaning of catastrophe among NASA engineers was a more precise and bureaucratic label of risk and loss than the visions of explosions and smoke others might link with the word (Vaughan, 2004). The engineer used a term that many before him had used to describe a potential level of technological failure. Commission members interpreted "catastrophe" in layman's terms, while at NASA, the word was not likely to set off a cascade of alarm bells.

This analysis is not in an effort to downplay their contributions to the disaster, but to better understand that this human misguidance had been paved by a long road of invincibility complexes, quests to innovate even when safety concerns arose, and aims to preserve existing organizational paradigms. Solely dwelling on human error in these cases seeks to distract from the role of larger bureaucratic systems that drive blind conformity and risk-ladden innovation-seeking in the first place. It also tends to prop up more autonomous systems as the panacea to human judgment, an approach which does not guarantee less errors (and comes with its own slew of vulnerabilities).

Though disasters will inevitably happen at one time or another, it is worth asking: how and why do risks remain obscured and accepted in the development of so many technologies? What broader motivations or organizational forces allow for these oversights to happen again and again? The answers are varied across contexts, but what remains constant is that the failures of institutional procedures often breed the opportunity for human mistakes, not the other way around. In the case of the Challenger disaster, NASA's past laurels, flawed communication style between leadership levels, and strict adherence to precedent fostered an array of flawed and fatal human decisions.

Relevance to Advanced Nuclear Energy

We chose this case to illuminate how internal deficiencies within tech development spaces can have deadly effects. In this case, high public expectations and visibility of the project, alongside acclimation to risks, poor communication among levels of leadership, and an insatiable "can-do" culture drove unsafe tech development. With high expectations among industry proponents and the federal government for advanced nuclear to be a climate salve, its development seeks to be vulnerable to some of these same problems. Additionally, the acceptance of nuclear risks within the industry may lead to technological development that overlooks risk in key instances, which seeks to place communities in harm's way as a result.

Key Sources

Perrow, C. (1999). Normal accidents: Living with high risk technologies (Updated). Princeton University Press.

Presidential Commission on the Space Shuttle Challenger Accident. (1986). Rogers Commission Report.

Starbuck, W. H. & Milliken, F. J. (1988). Challenger: Fine-tuning the odds until something breaks. Journal of Management Studies, 25(4), 319–340.

Vaughan, D. (2004). Theorizing disaster: Analogy, historical ethnography, and the Challenger accident. Ethnography, 5(3), 315–347.

Vaughan, D. (1999). The role of the organization in the production of techno-scientific knowledge. Social Studies of Science, 29(6), 913–943.

Weick, K. E. & Sutcliffe, K. M. (2015). Organizational culture and reliability. In Managing the unexpected: Sustained performance in a complex world (3rd ed., pp. 129–147). Wiley.

Weick, K. E. & Sutcliffe, K. M. (2015). Principle 1: Preoccupation with failure. In Managing the unexpected: Sustained performance in a complex world (3rd ed., pp. 45–61). Wiley.

Photo: The Space Shuttle Challenger waits on Launch Complex 39A at Kennedy Space Center before its first mission, STS-6, launched on April 4, 1983. NASA / Public Domain, via Flickr.